CompTIA Security+: SY0-601 Certification Guide - Second Edition

By : Ian Neil

CompTIA Security+: SY0-601 Certification Guide - Second Edition

By: Ian Neil

Overview of this book

The CompTIA Security+ certification validates the fundamental knowledge required to perform core security functions and pursue a career in IT security. Authored by Ian Neil, a world-class CompTIA certification trainer, this book is a best-in-class study guide that fully covers the CompTIA Security+ 601 exam objectives. Complete with chapter review questions, realistic mock exams, and worked solutions, this guide will help you master the core concepts to pass the exam the first time you take it. With the help of relevant examples, you'll learn fundamental security concepts from certificates and encryption to identity and access management (IAM). As you progress, you'll delve into the important domains of the exam, including cloud security, threats, attacks and vulnerabilities, technologies and tools, architecture and design, risk management, cryptography, and public key infrastructure (PKI). You can access extra practice materials, including flashcards, performance-based questions, practical labs, mock exams, key terms glossary, and exam tips on the author's website at securityplus.training. By the end of this Security+ book, you'll have gained the knowledge and understanding to take the CompTIA exam with confidence.

Preface

Who this book is for

What this book covers

To get the most out of this book

Additional online resources

Download the color images

Conventions used

Get in touch

Reviews

Objectives for the CompTIA Security+ 601 exam

Exam Objectives (Domains)

Free Chapter

Section 1: Security Aims and Objectives

Chapter 1: Understanding Security Fundamentals

Security Fundamentals

Comparing Control Types

Physical Security Controls

Understanding Digital Forensics

Review Questions

Chapter 2: Implementing Public Key Infrastructure

PKI Concepts

Asymmetric and Symmetric Encryption

Key Stretching Algorithms

Salting Passwords

Cipher Modes

Quantum Computing

Blockchain and the Public Ledger

Hashing and Data Integrity

Comparing and Contrasting the Basic Concepts of Cryptography

Basic Cryptographic Terminologies

Common Use Cases for Cryptography

Practical Exercises

Review Questions

Chapter 3: Investigating Identity and Access Management

Understanding Identity and Access Management Concepts

Identity Types

Account Types

Authentication Types

Implementing Authentication and Authorization Solutions

Summarizing Authentication and Authorization Design Concepts

Cloud versus On-Premises Authentication

Common Account Management Policies

Practical Exercise – Password Policy

Review Questions

Chapter 4: Exploring Virtualization and Cloud Concepts

Overview of Cloud Computing

Implementing Different Cloud Deployment Models

Understanding Cloud Service Models

Understanding Cloud Computing Concepts

Understanding Cloud Storage Concepts

Selecting Cloud Security Controls

Exploring the Virtual Network Environments

Review Questions

Section 2: Monitoring the Security Infrastructure

Chapter 5: Monitoring, Scanning, and Penetration Testing

Penetration Testing Concepts

Passive and Active Reconnaissance

Exercise Types

Vulnerability Scanning Concepts

Syslog/Security Information and Event Management

Security Orchestration, Automation, and Response

Review Questions

Chapter 6: Understanding Secure and Insecure Protocols

Introduction to Protocols

Insecure Protocols and Their Use Cases

Secure Protocols and Their Use Cases

Additional Use Cases and Their Protocols

Review Questions

Chapter 7: Delving into Network and Security Concepts

Installing and Configuring Network Components

Remote Access Capabilities

Secure Network Architecture Concepts

Network Reconnaissance and Discovery

Forensic Tools

IP Addressing

Review Questions

Chapter 8: Securing Wireless and Mobile Solutions

Implementing Wireless Security

Wireless Access Point Controllers

Deploying Mobile Devices Securely

Mobile Device Connection Methods

Review Questions

Section 3: Protecting the Security Environment

Chapter 9: Identifying Threats, Attacks, and Vulnerabilities

Virus and Malware Attacks

Social Engineering Attacks

Threat Actors

Advanced Attacks

Review Questions

Chapter 10: Governance, Risk, and Compliance

Risk Management Processes and Concepts

Threat Actors, Vectors, and Intelligence Concepts

The Importance of Policies for Organizational Security

Regulations, Standards, and Legislation

Privacy and Sensitive Data Concepts

Review Questions

Chapter 11: Managing Application Security

Implementing Host or Application Security

Understanding the Security Implications of Embedded and Specialist Systems

Understanding Secure Application Development, Deployment, and Automation

Review Questions

Chapter 12: Dealing with Incident Response Procedures

Incident Response Procedures

Utilizing Data Sources to Support Investigations

Knowing How to Apply Mitigation Techniques or Controls to Secure an Environment

Implementing Cybersecurity Resilience

Review Questions

Section 4: Mock Tests

Chapter 13: Mock Exam 1

Mock Exam 1 Solutions

Chapter 14: Mock Exam 2

Mock Exam 2 Solutions

Chapter Review Solutions

Chapter 1 – Understanding Security Fundamentals

Chapter 2 – Implementing Public Key Infrastructure

Chapter 3 – Investigating Identity and Access Management

Chapter 4 – Exploring Virtualization and Cloud Concepts

Chapter 5 – Monitoring, Scanning, and Penetration Testing

Chapter 6 – Understanding Secure and Insecure Protocols

Chapter 7 – Delving into Network and Security Concepts

Chapter 8 – Securing Wireless and Mobile Solutions

Chapter 9 – Identifying Threats, Attacks, and Vulnerabilities

Chapter 10 – Governance, Risk, and Compliance

Chapter 11 – Managing Application Security

Chapter 12 – Dealing with Incident Response Procedures

Other Books You May Enjoy

Leave a review - let other readers know what you think

Coupon Code For 12% Off on CompTIA Security+ Exam Vouchers

Coupon Code For 18% off on CompTIA Security+ Labs

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Understanding Identity and Access Management Concepts

One of the first areas in IT security is giving someone access to the company's network to use resources for their job. There are four key elements to Identify and Access Management (IAM), and these are identity, authentication, authorization, and accounting. Let's look at each of these in the order that they should be presented:

Identify: Each person needs some form of identification so that they can prove who they are; this could be a username, smart card, or some sort of biometric control. It needs to be unique to the person using that form of identity.
Authentication: The second part after proving your identity is to provide authentication for that identity. This can be done in many ways; for example, inserting a password or if you have a smart card, it would be a Personal Identification Number (PIN).
Authorization: Once the individual has been authenticated, they are given an access level based on...

CompTIA Security+: SY0-601 Certification Guide - Second Edition

By : Ian Neil

CompTIA Security+: SY0-601 Certification Guide - Second Edition

By: Ian Neil

Overview of this book

Related Content you might be interested in

Current Title:

CompTIA Security+: SY0-601 Certification Guide - Second Edition

CompTIA Security+ Practice Tests SY0-501

CompTIA Security+ SY0-701 Certification Guide

Security+® Practice Tests

Understanding Identity and Access Management Concepts